diff --git a/handler/routes.go b/handler/routes.go index 5164fd6..2d3509a 100644 --- a/handler/routes.go +++ b/handler/routes.go @@ -157,6 +157,12 @@ func NewClient() echo.HandlerFunc { return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Allowed IPs must be in CIDR format"}) } + // validate the input PrivateSubnets + if util.ValidatePrivateSubnets(client.PrivateSubnets) == false { + log.Warnf("Invalid Private Subnets input from user: %v", client.PrivateSubnets) + return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Private Subnets must be in CIDR format"}) + } + // gen ID guid := xid.New() client.ID = guid.String() @@ -180,6 +186,14 @@ func NewClient() echo.HandlerFunc { client.CreatedAt = time.Now().UTC() client.UpdatedAt = client.CreatedAt + client.HasPrivateSubnet = false + for _, privateSubnet := range client.PrivateSubnets { + if privateSubnet != "" { + client.HasPrivateSubnet = true + } + } + + // write client to the database db.Write("clients", client.ID, client) log.Infof("Created wireguard client: %v", client) 
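Review bot: The added `log.Warnf` in NewClient prints `client.PrivateSubnets` with `%v` on the path where the value has just failed CIDR validation, so arbitrary request text, line breaks included, reaches the log unescaped. Assuming `log.Warnf` formats like `fmt`, `%q` keeps every rejected entry quoted on a single line: `log.Warnf("Invalid Private Subnets input from user: %q", client.PrivateSubnets)`. The UpdateClient hunk adds the same call with `_client.PrivateSubnets` and needs the same change. Both handlers begin and end outside these hunks.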
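Review bot: The loop that sets `client.HasPrivateSubnet` leaves the empty strings in `client.PrivateSubnets`, so they are still persisted by `db.Write` and still visited by `range .Client.PrivateSubnets` in templates/wg.conf. A list that mixes blank and real entries would presumably render an empty element between commas in the peer's `AllowedIPs`. Dropping the blanks before storing and deriving the flag from what remains avoids that. The same block is duplicated in the UpdateClient hunk, so a small shared helper would keep the two copies from drifting apart. NewClient's body starts and ends outside the hunk.

```go
// keep only non-empty subnets so blanks are neither stored nor rendered
subnets := client.PrivateSubnets[:0]
for _, s := range client.PrivateSubnets {
	if s != "" {
		subnets = append(subnets, s)
	}
}
client.PrivateSubnets = subnets
client.HasPrivateSubnet = len(subnets) > 0

// … unchanged: db.Write and log.Infof …
```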
@@ -229,14 +243,28 @@ func UpdateClient() echo.HandlerFunc { return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Allowed IPs must be in CIDR format"}) } + // validate the input PrivateSubnets + if util.ValidatePrivateSubnets(_client.PrivateSubnets) == false { + log.Warnf("Invalid Private Subnets input from user: %v", _client.PrivateSubnets) + return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Private Subnets must be in CIDR format"}) + } + // map new data client.Name = _client.Name client.Email = _client.Email client.Enabled = _client.Enabled client.AllocatedIPs = _client.AllocatedIPs client.AllowedIPs = _client.AllowedIPs + client.PrivateSubnets = _client.PrivateSubnets client.UpdatedAt = time.Now().UTC() + client.HasPrivateSubnet = false + for _, privateSubnet := range client.PrivateSubnets { + if privateSubnet != "" { + client.HasPrivateSubnet = true + } + } + // write to the database db.Write("clients", client.ID, &client) log.Infof("Updated client information successfully => %v", client) diff --git a/model/client.go b/model/client.go index 3da74f0..923914a 100644 --- a/model/client.go +++ b/model/client.go 
@@ -6,18 +6,19 @@ import (
 // Client model
 type Client struct {
- ID string `json:"id"`
- PrivateKey string `json:"private_key"`
- PublicKey string `json:"public_key"`
- PresharedKey string `json:"preshared_key"`
- Name string `json:"name"`
- Email string `json:"email"`
- AllocatedIPs []string `json:"allocated_ips"`
- AllowedIPs []string `json:"allowed_ips"`
- PrivateSubnets []string `json:"private_subnets"`
- Enabled bool `json:"enabled"`
- CreatedAt time.Time `json:"created_at"`
- UpdatedAt time.Time `json:"updated_at"`
+ ID string `json:"id"`
+ PrivateKey string `json:"private_key"`
+ PublicKey string `json:"public_key"`
+ PresharedKey string `json:"preshared_key"`
+ Name string `json:"name"`
+ Email string `json:"email"`
+ AllocatedIPs []string `json:"allocated_ips"`
+ AllowedIPs []string `json:"allowed_ips"`
+ HasPrivateSubnet bool `json:"hasPrivateSubnet"`
+ PrivateSubnets []string `json:"private_subnets"`
+ Enabled bool `json:"enabled"`
+ CreatedAt time.Time `json:"created_at"`
+ UpdatedAt time.Time `json:"updated_at"`
 }
 // ClientData includes the Client and extra data
diff --git a/templates/base.html b/templates/base.html
index 67f89fb..de8e298 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -154,7 +154,7 @@ value="0.0.0.0/0">
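Review bot: In model/client.go the new tag `json:"hasPrivateSubnet"` is camelCase while every other field of `Client` is snake_case (`private_subnets`, `allowed_ips`). `json:"has_private_subnet"` would keep the stored and API representation uniform. The field is derived entirely from `PrivateSubnets`, so it deserves a comment saying so, for example `// HasPrivateSubnet is true when PrivateSubnets holds at least one non-empty entry; set in NewClient and UpdateClient`.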
- +
diff --git a/templates/wg.conf b/templates/wg.conf
index e63c8cc..589459c 100644
--- a/templates/wg.conf
+++ b/templates/wg.conf
@@ -20,5 +20,5 @@ PostDown = {{ .serverConfig.Interface.PostDown }}
 [Peer]
 PublicKey = {{ .Client.PublicKey }}
 PresharedKey = {{ .Client.PresharedKey }}
-AllowedIPs = {{$first :=true}}{{range .Client.AllocatedIPs }}{{if $first}}{{$first = false}}{{else}},{{end}}{{.}}{{end}}{{if .Client.PrivateSubnets}},{{end}}{{$first :=true}}{{range .Client.PrivateSubnets }}{{if $first}}{{$first = false}}{{else}},{{end}}{{.}}{{end}}
+AllowedIPs = {{$first :=true}}{{range .Client.AllocatedIPs }}{{if $first}}{{$first = false}}{{else}},{{end}}{{.}}{{end}}{{if eq .Client.HasPrivateSubnet true}},{{$first :=true}}{{range .Client.PrivateSubnets }}{{if $first}}{{$first = false}}{{else}},{{end}}{{.}}{{end}}{{end}}
 {{end}}{{end}}
diff --git a/util/util.go b/util/util.go
index d98aaec..027e0fa 100644
--- a/util/util.go
+++ b/util/util.go
@@ -57,7 +57,7 @@ func ValidateCIDR(cidr string) bool {
 // ValidateCIDRList to validate a list of network CIDR
 func ValidateCIDRList(cidrs []string) bool {
 for _, cidr := range cidrs {
- if ValidateCIDR(cidr) == false {
+ if cidr != "" && ValidateCIDR(cidr) == false {
 return false
 }
 }
@@ -72,6 +72,14 @@ func ValidateAllowedIPs(cidrs []string) bool {
 return true
 }
+// ValidatePrivateSubnets to validate allowed ip addresses in CIDR format
+func ValidatePrivateSubnets(cidrs []string) bool {
+ if ValidateCIDRList(cidrs) == false {
+ return false
+ }
+ return true
+}
+
 // ValidateServerAddresses to validate allowed ip addresses in CIDR format
 func ValidateServerAddresses(cidrs []string) bool {
 if ValidateCIDRList(cidrs) == false {
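Review bot: The peer's `AllowedIPs` line in templates/wg.conf now depends on the stored flag `.Client.HasPrivateSubnet`, which only NewClient and UpdateClient set in this commit. A client record written before the change has no such key and would presumably decode to false, so its existing `PrivateSubnets` would silently drop out of the server configuration until the client is saved again. Either backfill the flag when records are loaded or derive it from the list at render time. As a matter of style, `{{if eq .Client.HasPrivateSubnet true}}` can be written `{{if .Client.HasPrivateSubnet}}`.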
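Review bot: Adding `cidr != ""` inside `ValidateCIDRList` relaxes validation for every caller, not only the new private-subnet check. `ValidateServerAddresses` in the next hunk calls it, and `ValidateAllowedIPs` presumably does too, so blank entries in server addresses and allowed IPs now pass as well. Keeping `ValidateCIDRList` strict and moving the tolerance for blank entries into `ValidatePrivateSubnets` limits the change to the one field that needs it. The doc comment on `ValidatePrivateSubnets` is copied from the allowed-IPs wording and should describe private subnets. `ValidateServerAddresses` continues past the end of the second hunk.

```go
// in ValidateCIDRList: strict again, an empty entry is not a CIDR
		if ValidateCIDR(cidr) == false {

// … unchanged: rest of ValidateCIDRList, ValidateAllowedIPs …

// ValidatePrivateSubnets reports whether every non-empty entry is a valid
// CIDR; blank entries are skipped.
func ValidatePrivateSubnets(cidrs []string) bool {
	for _, cidr := range cidrs {
		if cidr != "" && !ValidateCIDR(cidr) {
			return false
		}
	}
	return true
}
```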